New tools, products, platforms, funding rounds, and company developments in AI security.
Anthropic is a public benefit corporation (a company legally structured to serve public interest, not just shareholders) that has stated its mission as developing AI responsibly for humanity's benefit. The company's official incorporation documents show this mission statement has remained consistent from 2021 to 2024, with only minor wording updates.
Anthropic's Super Bowl advertisement criticizing OpenAI's decision to add ads to ChatGPT resulted in an 11% increase in daily active users for Claude (Anthropic's chatbot), outperforming competing AI chatbots from OpenAI, Google, and Meta. The ad campaign reflects growing competition between AI companies as they vie for users and enterprise customers ahead of potential future public offerings.
Threat actors are abusing Claude artifacts (AI-generated content shared publicly on claude.ai) and Google Ads to trick macOS users into running malicious commands that install MacSync infostealer malware (software that steals sensitive data like passwords and crypto wallets). Over 10,000 users have viewed these fake guides disguised as legitimate tools like DNS resolvers or HomeBrew package managers.
Researchers discovered a heap buffer overflow (a type of memory corruption flaw where data overflows a temporary memory area) in libpng, a widely-used library for reading and editing PNG image files, that existed for 30 years. The vulnerability in the png_set_quantize function could cause crashes or potentially allow attackers to extract data or execute remote code (run commands on a victim's system), but exploitation requires careful preparation and the flaw is rarely triggered in practice. The flaw affects all libpng versions before 1.6.55.
Anthropic, a startup known for developing Claude (an AI assistant), appointed Chris Liddell, a former Microsoft CFO and Trump administration official, to its board of directors. This move may help improve Anthropic's relationship with the Trump administration, which previously criticized the company for its stance on AI regulation.
xAI, an AI company founded by Elon Musk, is experiencing significant staff departures, with multiple cofounders (including Yuhuai Wu and Jimmy Ba) announcing they are leaving the company. The departures have reduced the company's original 12 cofounders to only 6 remaining, and several other employees have also announced their exits, with some starting their own AI companies.
New AI tools are becoming more powerful, causing investors to worry that AI might eliminate many white-collar jobs (office-based positions requiring advanced skills) or reduce company profits across industries like law, finance, and logistics. However, the article notes that expert opinions are divided about how serious this threat actually is, with some evidence suggesting investor fears may be overstated.
As organizations deploy multiple AI agents (independent AI programs) that work together autonomously, the security risks increase because there are more entry points for attackers to exploit. The complexity of securing these interconnected systems grows along with the number of agents involved.
Ring's Super Bowl advertisement showcases a heartwarming story about dogs reuniting with families, but critics worry it represents a concerning vision of pervasive surveillance (constant monitoring through connected devices) that could eliminate privacy. The ad illustrates how Ring's expanding network of cameras and connected devices could eventually create a society where surveillance is everywhere and inescapable.
OpenAI is shutting down a version of its chatbot called GPT-4o (a large language model, which is AI software trained on massive amounts of text data to generate human-like responses) that became popular for its realistic and personable conversational style. Users who formed emotional attachments to the chatbot, treating it as a companion, are upset about losing access to it.
Google detected and blocked over 100,000 coordinated prompts attempting model extraction (a machine-learning process where attackers create a smaller AI model by copying the essential traits of a larger one) against its Gemini AI model to steal its reasoning capabilities. The attackers specifically targeted Gemini's multilingual reasoning processes across diverse tasks, representing what Google calls intellectual property theft, though the company acknowledged that some researchers may have legitimate reasons for obtaining such samples.
Anthropic, the company behind Claude (an AI chatbot similar to ChatGPT), raised $30 billion in funding, doubling its value to $380 billion. The massive funding reflects investor confidence in AI but also highlights concerns about these companies' extremely high costs for computing power and talent, with both Anthropic and rival OpenAI spending cash at rates that currently outpace their revenue.
SIEM (security information and event management, a system that collects and analyzes security logs to detect threats) platforms are evolving to include AI, machine learning, and integrated tools like XDR (extended detection and response, which finds threats across endpoints and cloud systems) and SOAR (security orchestration, automation, and response, which automates how security teams respond to incidents). This convergence allows organizations to automatically detect and stop threats in real-time without manual intervention, with vendors selling these combined solutions together at rapidly increasing rates.
Ransomware attacks now frequently target identity systems like Active Directory (the software that manages user accounts and permissions in organizations), compromising them to lock legitimate users out of their systems and block recovery efforts. Identity recovery, the process of restoring secure access to these systems after an attack, has become essential to cyber resilience (an organization's ability to recover quickly from security incidents). Security leaders and boards now treat identity recovery as a core part of enterprise risk management, with cyber insurance companies and regulators requiring evidence of tested recovery plans.
OpenAI announced GPT-5.3-Codex-Spark, a smaller and faster version of their GPT-5.3-Codex model made through a partnership with Cerebras, designed for real-time coding tasks. The model processes text at 1,000 tokens per second (meaning it generates 1,000 words or word pieces per second) with a 128k context window (the amount of text it can consider at once), making it useful for iterative coding work where developers want to stay focused and make rapid changes. While the output quality is lower than the standard GPT-5.3-Codex, the speed enables better productivity for hands-on coding sessions.
This article tracks how OpenAI's official mission statement, filed annually with the IRS (the U.S. tax authority), changed between 2016 and 2024. Over time, OpenAI removed mentions of openly sharing capabilities, dropped the phrase "as a whole" from "benefit humanity," shifted from wanting to "help" build safe AI to committing to "develop and responsibly deploy" it themselves, and eventually cut the mission down to a single sentence focused on ensuring artificial general intelligence (AI systems designed to handle any task a human can) benefits all of humanity, while notably removing any mention of safety.
Fix: Users are recommended to exert caution and avoid executing in Terminal commands they don't fully understand. As noted by Kaspersky researchers, asking the chatbot in the same conversation about the safety of the provided commands is a straightforward way to determine if they're safe or not.
BleepingComputerFix: The vulnerability is fixed in libpng version 1.6.55.
CSO OnlineWiz created a benchmark suite of 257 real-world cybersecurity challenges across five areas (zero-day discovery, CVE detection, API security, web security, and cloud security) to test which AI agents perform best at cybersecurity tasks. The benchmark runs tests in isolated Docker containers (sandboxed environments that prevent interference with the main system) and scores agents based on their ability to detect vulnerabilities and security issues, with Claude Code performing best overall.
Meta planned to add facial recognition (technology that identifies people by analyzing their faces) to its smart glasses through a feature called "Name Tag," according to an internal document. The company deliberately timed this launch for a period when privacy advocacy groups would be distracted by other issues, reducing expected criticism of the privacy-sensitive feature.
Fix: Google said organizations providing AI models as services should monitor API access patterns for signs of systematic extraction. According to CISO Ross Filipek quoted in the report, organizations should implement response filtering and output controls, which can prevent attackers from determining model behavior in the event of a breach, and should enforce strict governance over AI systems with close monitoring of data flows.
CSO OnlineData poisoning (corrupting training data to make AI systems behave incorrectly) has become much easier and more accessible than previously thought, requiring only about 250 poisoned documents or images instead of thousands to distort a large language model (an AI trained on massive amounts of text). Adversaries ranging from activists to criminals can now inject harmful data into public sources that feed AI training pipelines, and the resulting damage persists even after clean data is added later, making this a major security threat for any organization using public data to train or update AI systems.
Fix: One of the most reliable protections is establishing a clean, validated version of the model before deployment, which acts as a 'gold' version that teams can use as a baseline for anomaly checks and quickly restore to if the model starts producing unexpected outputs or shows signs of drift.
CSO OnlineKey management (the process of creating, storing, rotating, and retiring cryptographic keys throughout their lifetime) is often overlooked in organizations despite being critical to security, and this gap becomes even more dangerous as post-quantum cryptography (encryption designed to resist quantum computers) and AI systems become more widespread. The real challenge of post-quantum readiness is not choosing the right algorithm, but building operational ability to safely rotate and manage keys across systems without downtime. AI systems introduce additional risks because keys protect not just data access but also AI behavior and decisions, requiring tighter key controls and more frequent rotation than traditional applications need.
Fix: The source recommends implementing these specific capabilities: (1) immutable backups and automated recovery for identity systems such as Active Directory; (2) zero-trust architecture (applying least-privilege access and continuous authentication to limit attack spread); (3) automated orchestration to reduce manual steps in recovery workflows; (4) regulatory readiness with audit-ready reporting and compliance validation; (5) AI-ready protection by securing data environments and enabling fast rollback of damaging actions; and (6) backup platform isolation by treating the backup environment as a separate security domain that can serve as a minimum viable recovery environment when needed.
CSO Online